Security Issues

kpdf contains several buffer overflows in its xpdf-based code which can be triggered
by a specially crafted pdf file.
Read the detailed advisory.
All versions of KDE up to and including KDE 3.5.0 are affected.

kjs contains a heap based buffer overflow when decoding certain malcrafted utf8
uri sequences.
Read the detailed advisory.
All versions of KDE starting with KDE 3.2.0 up to and including KDE 3.5.0 are affected.

kpdf contains a buffer overflow in its xpdf-based code which can be triggered
by a specially crafted pdf file.
Read the detailed advisory.
All versions of KDE 3.3.0 up to and including KDE 3.5.1 are affected.

KDM contains a symlink attack vulnerability that allows a normal
user to read files from other users including root.
Read the detailed advisory.
All versions of KDE starting with KDE 3.2.0 up to and including KDE 3.5.2
are affected.

kpdf contains a denial of service vulnerability in xpdf based code that
can cause the client to crash via a specially crafted pdf file.
Read the detailed advisory.
All versions of KDE up to and including KDE 3.5.5 are affected.

Some Linux/UNIX OS vendors have kindly provided binary packages of
KDE 3.4.3 for some versions of their distribution, and in other cases
community volunteers have done so.
Some of these binary packages are available for free download from KDE's
http or
FTP mirrors.